
A scammer tricked me out of life savings


We hear so much about scams, but what’s it really like to suffer one? One man, who would prefer to remain anonymous, contacted us after a scammer pretending to be from his bank convinced him to transfer money to a ‘safe account’.

I lost more than £50,000 to a phone scam. A man who I thought was from my bank was in reality a scammer who stole my money, abused me and taunted me that he’d taken “my life savings”.

And it happened very quickly.

It was 4 March when I saw £1,800 had been transferred from my account without my knowledge. I told my bank’s fraud department immediately and by the end of the day the money was back, my debit card cancelled and a new one issued. My online banking was deleted and they told me to run my anti-virus software before setting it up again.

Three days later, the bank texted to confirm the money had been returned, then to say it had sent me a new debit card.

So that was that? If only.

‘£3,000 payment from your account’

Just a few minutes after the second text a third, also apparently from my bank, arrived. It said a £3,000 payment had been made from my account and advised me to call the fraud team on the number in the text.

I had no reason to suspect anything: the text was in the same thread as the others, so I called.

The man I spoke to, ‘David Cunningham’, was professional. He could see my account details (probably due to spyware on my laptop) and asked the same security questions as a genuine bank employee I’d dealt with three days earlier.

He claimed my accounts had been compromised by an online hack and a £25,000 loan taken out in my name. He said he’d set up safe accounts for my money and gave me instructions to transfer it via online banking.

I assumed it was genuine – after all my account had been hacked a few days before and I was already dealing with the fraud department. The man even directed me to a webpage that confirmed my money was protected up to £75,000.

So I transferred all the money from my accounts and waited for the new details he said would be in the post. He even gave me a work mobile number.

When they didn’t arrive, I called ‘David’ who said they’d been posted.

Two days later, a letter from my bank did arrive – to say I was being charged for being over my overdraft limit.

Alarm bells

Alarm bells rang. I called the landline number in the original text. It went to a GiffGaff answer message, so I tried again. This time ‘David’ called back.

I challenged him with questions about my accounts and he told me to go into my branch on Monday.

When I said I’d call the bank immediately, he swore and ended the call. A few minutes later he phoned again to say he had my life savings. I asked why he’d done this to me and my family. He asked if I’d sell my family to him for the amount he’d taken. He called my mobile later and, when my partner answered, he abused her and said we could have the money back in return for photos of her.

By 14 March, the money had been spent and my bank said that as the money had been spent and I’d apparently ‘authorised’ the transactions online it was unlikely I’d get it back.

Could my bank have done more?

I feel my bank should have contacted me about the unusual and ‘uncharacteristic’ transactions – especially as my accounts had been compromised days earlier.

It’s since told me that the time between disabling my online account and when I set it up again wasn’t enough to clear my computer of a spyware virus, but I wasn’t told this on the day.

I had security software on my computer, which claims to protect me from spyware. It didn’t seem to work in my case.

My bank initially offered half my money back, but has since agreed to refund it all.

Advice on scams from Which?

Adam French, Which? Consumer Rights Producer: From the evidence he gave us, it looks like our anonymous author was the victim of a complex and authentic-looking scam in which his phone number was cloned and he was the victim of ID theft.

If you’ve been caught out by a scam that’s resulted in you transferring your money into another account, contact your bank immediately.

The bank can try to recover the funds once it’s notified.

You could also have grounds to complain if the bank has somehow contributed to the fraud or if it’s failed to try to recover the funds properly.

If your provider refuses a refund or offers only a partial refund you can escalate your complaint to the Financial Ombudsman Service. It has statutory power to bind banks to its decision. You may also want to report the scam to Action Fraud.


I never answer calls from unknown numbers. The only calls I answer are from people on my calls list which appear as names. I have never rung my bank; I do not even have their phone number. As I have always said, some people will always fall for even the simplest scam every time, however much advice they are given. That’s the way of life.

The closure of bank branches is making it increasingly necessary to deal with banking arrangements by e-mail or telephone. This story shows how dangerous it can be to trust text messages, e-mail messages and telephone conversations. We live within thirty minutes walk of branches of our banks but that won’t help on a Sunday or Bank Holiday. It’s very difficult to know how to defeat highly-sophisticated fraud of the sort described here. Personally, I think it is a good idea to have your bank’s phone number conveniently to hand [listed in your mobile’s contact list, for example] so you can call them to query any unusual occurrence purporting to be on the bank’s behalf. Paying more frequent attention to account transactions is also necessary these days and doing it daily on-line is recommended in order to catch any irregularity.

This comment was removed at the request of the user

Let’s face it, the banks, abetted by the media, have introduced electronic systems whilst swiftly closing branches as they are no longer economic/required as everything can be done electronically.

The public have been sold a pup as on-line banking and on-line interactions are not safe for the average consumer. Come to that they are not safe for banks with them being compromised for multi-million thefts. It is really quite pathetic the lack of foresight that has gone into this.

The prime motivation of the banks has been profitability and security has been a non-runner in the cost and benefits equation.

Passing on to branches and in particular the last one in town. If the public would en masse transfer their accounts to the last bank in town and provide it directly with business, that would be an effective consideration on keeping it open. The reciprocity arrangements between banks and free use of ATMs actively discriminate against the final bank[s] in a town. The public with a little effort could make these branches both profitable and very unlikely to close.

Local branches staffed by local people is actually a much more secure system than you would think. Local knowledge counts for much.





Adam Shepherd
24 May, 2016
Three banks have lost millions of dollars to hackers using the Swift network

Swift’s CEO has warned that hackers could use its financial transfer system to bring international banks to their knees.

The warning comes after a bank in Ecuador became the third financial institution to be attacked by hackers using the Swift network, which facilitates currency trading between more than 11,000 banks in 200 countries, losing $12 million.

Previous cyber attacks took money from banks in Vietnam and Bangladesh, and Gottfried Leibbrandt, CEO of Swift, warned these attacks appear to be part of a coordinated campaign. “The Bangladesh fraud is not an isolated incident,” he said.

“We are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts.”

oops link is

So there you go even the banks seem to be incapable of protecting themselves let alone customers.

In both those cases (three, now) the banks themselves hadn’t implemented even rudimentary security over transactions and Swift itself has only belatedly agreed that at the very least two-factor identification would be useful…


Yes. Banks incompetent in their own protection and yet expect the untutored customers, without a personal IT security advisor, to master protecting themselves.

And if you want to think about other vectors of attack then the humble printer is another weak link. Particularly useful if networked.

I honestly believe that the NFC enabled payments system will also be shown to be hackable inside three years. Whilst it is nice to be proved right the effects will be fairly horrendous.

For the illusion of greater electronic security we will be coerced into providing more and more personal identifiable information which will include facial ID and voice prints. Amazon already are taking voice prints so people can talk to their TV to change channels etc. Google are looking at facial recognition this year.

I agree that banks have the corporate IT departments to look after them, something that an awful lot of their customers do not have and are unlikely to get.

“As infosec veteran Graham Cluley points out, Rosen Hotels is only the latest in a long and growing line of hotel chains to have had their customers’ data stolen by criminal hackers. Other corporate victims have included Mandarin Oriental, Trump, Hilton, Marriott, Sheraton and Westin. Malware infections of Point of Sale terminals have been behind many of these breaches.”

And the businesses you use could be the ones that enable attacks.

And to show how secure technology can make you, here are the results of a group looking at the current applications using the much heralded Internet of Things. Not directly related to financial scams but showing the same degree of offerings and supposed advantages, plus some financial greed, over commonsense. Particularly silly are electronic door-locks as your insurance company may not be impressed.


The article talks about spyware on Anon’s laptop. Possibly how it got there may be down to the vendors.

“Computers from many of the biggest PC makers are riddled with easy-to-exploit vulnerabilities in pre-loaded software, security researchers warn.

The research from Duo Security shows that bloatware is not just a nuisance that causes a lag in system boot-up, but a security risk. Laptops from Acer, Asus, Dell, HP and Lenovo all have at least one security vulnerability that can lead to a full system compromise. Most of the vulnerabilities would be straightforward to exploit even for technically unsophisticated hackers, according to Duo Security.”


I also noted that Anon’s security software failed to reveal that spyware. I think that illustrates the point that security software usually won’t be 100% effective.

Classical security arrangements usually involve multiple barriers or “lines of defence”, in the hope that no particular threat will breach all the barriers.

This comment was removed at the request of the user

There is no evidence that there was spyware on his computer.

Anon could have bought and paid for something online with his debit card.
A scammer could have got hold of his bank details and phone number from that transaction and transferred £1,800.

The debit card was then cancelled so the scammer was unable to use the card details to transfer more money so he resorted to using the phone number. Just because the scammer said he could see the bank details doesn’t mean he actually could.

But then it gets personal and starts to sound like it could be an insider at the bank or even someone Anon knows.

There could be a lot more to this story than what we are reading here.

Thanks Duncan, that “Hacking Team hacked” news story was classic karma.

This comment was removed at the request of the user

1/6/16 LATEST HACK on sophisticated users has financial consequences

“TeamViewer users say their computers were hijacked and bank accounts emptied all while the software company’s systems mysteriously fell offline. TeamViewer denies it has been hacked.

In the past 24 hours, we’ve seen a spike in complaints from people who say their PCs, Macs and servers were taken over via the widely used remote-control tool on their machines. Even users with strong passwords and two-factor authentication enabled on their TeamViewer accounts say they were hit.

It appears miscreants gained control of victims’ TeamViewer web accounts, and used those to connect into computers, where they seized web browsers to empty PayPal accounts, access webmail, and order stuff from Amazon and eBay.”

2/6/16 Security …..oops and yet again customers not the culprits.
“Lenovo recommends customers uninstall Lenovo Accelerator Application.”
“Unencrypted update channels open an avenue for attackers to among other efforts push malware masquerading as software patches. It is limited in that it requires affected users to connect to malicious or open wireless networks to be exposed. Only those Lenovo machines with Windows 10 pre-installed sport the exposed app.”

Come on Which? just lobby for heavy fines for any company shipping holed software. It should be a doddle for MPs and the police to come aboard ….. though on reflection it might be tricky for the security services.

That might be a tricky one. All software is inherently flawed, partly because the base machine code from the very early days of computing was itself flawed, and just about every bit of software in existence owes its existence to that original code. It’s one of the reasons I mistrust fly-by-wire aircraft systems.

This comment was removed at the request of the user

Ian, as a part-time “software engineer” I would certainly agree that most software is inherently flawed. But, to the best of my knowledge, I have never encountered (or created!) flaws based on old machine code, so I wondered if you know of any simple and obvious examples of this?

In contrast, I think the majority of software flaws arise because of poor design, poor specification and poor testing. Hence, unspecified outcomes can occur when obscure user (or other) inputs drive the software into states not anticipated by the program designers or investigated during testing. (The recent Linux Shellshock bug was a good example of this.)

Flaws revealed by testing can often be either fixed in updates – or flagged as “limitations” in software documentation (if that exists).

The complexity of most modern software aggravates these problems considerably. Windows 10 provides a nice example for this point. The first version of WordPerfect for Windows was another prime example too – an all-time great DOS program was “superseded” by a lousy Windows one.

In my view, one of the most significant design flaws in Windows is that, by default, it allows users to set up new PCs so that there is only a single user account, i.e. with full administrator or “root” access. This makes it all too easy for non-expert users to mess up their installation and to be conned into granting permission for the installation of malware.

On Windows PCs, it is much safer to have separate accounts for day-to-day use and for system administration and maintenance – but, given the way the software works, you’re not forced or even encouraged to do that. (And I think it’s safer still to never use Windows for on-line transactions.)

You’re right, Derek. Adobe is one of the worst examples of sloppy and lazy programming. But the base code developed many years ago to enable programs to run on single chipsets has legacies in numerous modern applications, and the translation of that code into higher level languages encountered quite a few stumbling blocks. Most were related to word length (apologies to others who may find this next bit boring) since the algorithms for the computer needed to make maximum use of the shorter word length, at the expense of more arithmetic operations. Once it became necessary to use invert matrices they had to spend a lot of time “debugging” correct programs that were trying to invert poorly conditioned matrices. Often the problem was not in the program logic, but in the underflow conditions, but newer and more innovative systems often built onto the groundwork laid without taking the time to re-write the basic code, thus simply moving the bugs from one level to another, as it were.
Sadly, some of those legacy issues persist to this day. But there’s been so much time and money invested over the years that few companies would risk tearing up the book and starting again.

Bob Pulham says:
25 September 2016

Thank you Diesel! Never will I touch PayPal now.

Victoria says:
3 June 2016

I am very disappointed with these scam people. I am getting 100 emails all the time to be involved with how to be rich, and they are lying and cheating and have just taken the money from different people.

My wife and I lost 104k to a NatWest bank fraud and the Met Police have confirmed a bank insider was involved, but 1 year on – no arrests, despite the Met Police knowing who the money mules are and the bank refusing to share their insights with us.

This comment was removed at the request of the user

From personal experience (and, no, I wasn’t the perpetrator!!) I know of two instances where companies were scammed by employees. The employees concerned were sacked – but not prosecuted – because the companies involved (i) saw no realistic prospects for recovering their losses; (ii) did not want to incur further costs arranging prosecutions and (iii) did not want to suffer any loss of reputation that might result from court cases, i.e. the public knowledge of their “stupidity” in falling victim to these scams.

In both cases, obvious improvements to business processes were enabled after these events, to prevent repeat events.

So, at least in these cases, political influence was never involved – the decisions not to prosecute were based solely on self-interest.

Yes… With most shoplifting done by employees it makes a lot of sense for the most dishonest ones to move the playing area. And they, after all, are the ones who know the most about the systems.

And if ever we thought scams only happen to other people…


Ian, thanks for that – some clever stuff there.

When I worked in the defence industry, mobile phones weren’t allowed in sensitive facilities, because, even then, they could be readily modified to serve as covert listening devices.

Also these days, in principle, anyone who downloads apps to a smart phone, may be unwittingly subjecting themselves to unauthorised surveillance.

my Moby missing

This comment was removed at the request of the user

I complained to my bank about a member of staff, how they were cheeky and sarcastic, that they cancelled my card without telling me, which left me stranded away from home, and then forcing me on to an ATM card on a CURRENT ACCOUNT. I got about £100 from it, but when I told them about the member of staff they upped and told me to find a new bank! Completely unacceptable behaviour, especially on an under 19s account. I don’t know why I’m still with them apart from they’re my only bank in a 5 mile radius of my house.

I am over 70 and was recently informed by the DVLA that I needed to renew my driving licence. In the accompanying booklet it gave a Website. .gov. etc. etc. driving licence at 70. I completed the details and was then requested to pay £59.99, on line, which I did. By post, I received a further communication from the DVLA, with more questions. By this time I had decided not to renew my licence, so I returned my licence with the form and asked for a refund. Today, I have learned from the DVLA that this was a copycat website. I do think the DVLA should warn people in their booklet to ignore requests for payment on line. As it is I have now been scammed out of £59.99 and I feel very aggrieved.

This comment was removed at the request of the user

This comment was removed at the request of the user

The thing is we’re back to the old rule: never, ever follow a link provided in an email. Over the past couple of weeks I’ve had numerous ‘Paypal’ emails warning me about dire consequences regarding my Paypal account and yesterday’s said they had now closed the account. I’d ignored them all, and today another arrived saying if I acted now I could restore the account. They all offered a link.

The rule is very, very simple: Do not ever, ever follow a link provided in an email of any sort.

If Ivy received a letter from the DVLA enclosing a booklet, it is highly likely that it showed an internet address including the words “renew your driving licence if you’re 70 or over” which Ivy diligently entered into her browser. Putting those words in a browser will bring up a long list of misleading websites that offer to check and process the application for you for a fee. They look like official sites, use similar formats and colours to authentic DVLA documents, and have names like “Driving Licence Application Service”. Unfortunately, the official DVLA website, with the GOV.UK suffix, will not be at the top of the browser listings and people continue to be conned by the scammers behind these counterfeit sites because they appear to be official. This is similar to the fake passport application websites that were the subject of extensive coverage in Which? Conversation some time ago, and to the copycat websites for renewing a European Health Insurance Card [EHIC] which is actually free of charge.

I agree with Ivy that the DVLA should print in their booklet a prominent warning to drivers not to use any website without the words GOV.UK at the end and not to pay any money on line to any website. There is no charge for renewing a driving licence at the age of 70 by direct application to the DVLA. It is not difficult either, but these copycat websites trade on the false premise that there will be complications, that it is worth having the application checked for errors or omissions, that it will speed up the process, and so on. What they don’t make clear enough by any means is that they will take a lot of money off you for nothing much in return.

The dodgy websites do actually state that they are not affiliated to the DVLA or the government, but usually in an obscure place and/or in small print. One such site has a very thin bar along the top containing this message: “This is a non-official optional checking service with charges from £59.99, additional and separate to any DVLA fee, which ranges from free to £90. Applications can be made directly on http://www.gov.uk without a checking service fee”. This is in minuscule text and the words “www.gov.uk” are in blue on dark green so virtually illegible.

Surely imposting like this is a breach of some law, or have they managed to protect themselves by their inclusion of a few crafty words presented in an underhand fashion? I thought the ISPs and browser providers were going to stop the relegation of official government websites in their listings – what became of that?

The section in red in my post above was not intended to be a link. The Which? software has converted what was part of a quotation from a copycat website into a link by adding the front portion before the ‘www’ in order to force it into moderation. I can understand the reasoning – to trap scams and improper website links – but it is a little bit annoying. The text “http://” does not appear on the website I was quoting from, so what was purporting to be a link in the misleading website would probably not take you through to the DVLA site. For obvious reasons I did not test it but if my suspicions are correct then it is evidence of how callously exploitative these parasitic outfits are.

A further clue to the unauthenticity of certain websites is bad spelling, punctuation and sentence construction. One has a banner across the top in which “application” is spelt “applciation”. Unfortunately, many people’s literacy skills are no better but at least the DVLA does not make such elementary mistakes.

John – All websites start with http:// or https:// (the second applies in this case) even if these are suppressed to keep the displayed URL simpler.

Yes, I realise that but I was trying to submit an exact quotation and despite several attempts to circumvent the mistranslation and creation of a link I was defeated! Never mind, I think I got there in the end. At least [see my previous comment] Which? does not auto-correct intentional spelling errors!
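The "GOV.UK at the end" check discussed in the comments above, written out as an added Python example (it is not from the article or from any commenter). It contrasts a test that only looks for the words gov.uk anywhere in an address with a test on the hostname itself; the function names are hypothetical and every sample address is constructed.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "gov.uk"  # the ending the comments above say to look for
_HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def hostname_of(address):
    """Return the lower-case hostname of an address as printed or typed.

    Addresses quoted without a scheme (for example 'www.gov.uk' in small
    print) are treated as https://, which is how a browser would load them.
    """
    address = address.strip()
    if not _HAS_SCHEME.match(address):
        address = "https://" + address
    try:
        host = urlsplit(address).hostname or ""
    except ValueError:
        return ""  # unparseable address: fail closed
    return host.rstrip(".").lower()  # drop the optional trailing root dot


def naive_check(address):
    """Weak test: the words 'gov.uk' appear somewhere in the address."""
    return OFFICIAL_SUFFIX in address.lower()


def is_official(address):
    """Strong test: the hostname is gov.uk or ends in '.gov.uk'.

    The leading dot matters: without it 'not-gov.uk' would pass.
    """
    host = hostname_of(address)
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)


def misleading(addresses):
    """Addresses that mention gov.uk but are not hosted under it."""
    return [a for a in addresses if naive_check(a) and not is_official(a)]


# Constructed sample addresses; the lookalikes are invented for illustration.
SAMPLES = [
    "www.gov.uk",                                  # as printed, no scheme
    "https://www.gov.uk./",                        # trailing root dot
    "GOV.UK",                                      # upper case, as on letters
    "https://driving-licence-application-service.example/gov.uk",  # in path only
    "https://www.gov.uk.licence-checking.example/",  # gov.uk is not the ending
    "https://not-gov.uk/",                         # ends in the letters, not the label
]

if __name__ == "__main__":
    for address in SAMPLES:
        verdict = "official" if is_official(address) else "NOT gov.uk"
        print(f"{verdict:11} host={hostname_of(address):45} {address}")
```

A pass here only says the page is served from a gov.uk hostname; it says nothing about sponsored or lookalike entries that a search listing places above it.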

Hello Ivy, do you still have copy of this booklet at all?

I’m a little mystified at Ivy’s predicament. She refers to a booklet sent by the DVLA giving a website. So presumably she did not click on an email link. Had she used the booklet’s website address she would not have had a problem.

When you reach 70 the DVLA send you information about renewing your licence through the post. I am not sure what they do every 3 years after that (when you need to renew). I presume it is still posted as not everyone has, or requests, an email? However even if it is emailed I presume it will be a legitimate one from DVLA where the link is good.

So did Ivy ignore the DVLA’s link and go through Google or another search to end up with her deceptive link?

I agree Malcolm – we don’t know exactly what Ivy typed into her browser. It should have started with “go.uk/” whereby the correct DVLA website is at the top of the listings page [on my browser at least]. However, on the same page there are numerous other unauthorised sites and Ivy might have been drawn to one of them because they offer to steer your application through (what they exaggerate as) the DVLA’s bureaucratic process, and they keep their charges well-concealed and give an outward impression to the uninitiated of a free and helpful service. The reality is it is a money-looting operation.

When my wife reached 70 she received a letter from the DVLA, not an e-mail. I don’t think the DVLA sends e-mails for this purpose since sending a letter to the registered licence-holder’s address is a further part of their security and control procedures.

I meant to edit my preceding post to correct the “gov.uk/” bit in the second sentence.

I must be cracking up this morning.

This comment was removed at the request of the user

I don’t think the UK government has much control over how browser search-engines list their entries, and it is well-known that there are agents who will arrange for company listings to appear first. What the government has, I think, secured is a protocol with the major browser operators to show the GOV.UK listings at the top if the proper URL is inserted. If any other group of words or shortcut is inserted then there is no guarantee that the official website will appear first. This was what was happening with passport applications. People put the word “passport” in and up came a whole load of copycat websites. How many people recognise the title ‘HMPO’ as being the passport office? It is a many-sided problem and I would not be so confident that the same thing does not happen in the USA if an incomplete or slightly different form of words is entered in the browser.

I do not consider that the perpetrators of misleading websites set up for the purpose of tricking the over-seventies out of their pension money are representatives of capitalism in any country, Duncan.


A useful site. I find that my email address has been hacked twice.

Oh no — pwned!
Pwned on 2 breached sites and found 1 paste (subscribe to search sensitive breaches)

Breaches you were pwned in
A “breach” is an incident where a site’s data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords.
Dropbox: In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).
Compromised data: Email addresses, Passwords
LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
Compromised data: Email addresses, Passwords

A new one to add to the tally giving away a lot of details